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What is claimed is: 



1. 



A systei 



for authenticating message data to be exchanged between a sender and a 



receiver, comprising: I 

a controller that Dynamically selects one of a plurality of authentication mechanisms to be 
used in providing authentication for an exchange of message data; 

a security association and key management module that establishes security associations 
for said plurality of authentication mechanisms; and 

an authentication module that includes support for said plurality of authentication 
mechanisms, wherein saial authentication module generates an authentication tag using an 
authentication mechanism selected by said control, said authentication tag being appended to said 
message data. I 

2. The system off claim 1, wherein said controller receives an input identifying a 
processor load. I 

3. The system of dlaim 1, wherein said controller receives an input identifying an 
authentication error level. \ 

4. The system of claim 1 , wherein said controller receives an input identifying 
network defense alarms. \ 
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5. The systen^of claim 1, wherein said controller receives an input identifying a 
security policy. 
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6. The system 
resource and one or more 



more security resource 
application and being res 
for a corresponding 
responsible for providing 



f claim 1, wherein said controller includes a network security service 
security association resource managers contexts, each of said one or 
managers contexts being established for a corresponding network 
ponsible for establishing and maintaining an authentication mechanism 
associated network application, said network security service resource being 
resource and security constraints within which each of said one or more 



security resource managers contexts operates. 

7. The system pf claim 1 , wherein said security association and key management 
module generates an authentication key for authenticating said message data. 



8. The system o 
module generates a confident 



claim 1 , wherein said security association and key management 
ality key for securing control messages. 



9. The system of 
20 module operates in accordan< e 
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10. The system of claim 1, wherein said authentication module operates in accordance 
with the IPsec standaids 

11. A system for authenticating message data to be exchanged between a sender and a 
receiver, comprising: 

a controller thai dynamically selects one of a plurality of authentication mechanisms to be 
used in providing authentication for an exchange of message data; and 

an authentication module that generates an authentication tag using said selected 
authentication mechanism, said authentication tag being appended to said message data. 

12. The system of claim 1, further comprising a security association and key 

I <*>r 

management module that establishes and maintains said plurality of authentication mechanisms. 

13. The systemlof claim 2, wherein said security association and key management 
module operates in accordance with IKE. 



14. A method fof authenticating information to be exchanged between a sender and a 
receiver, comprising: 

(a) identifying a bhange in a parameter that affects a selection of an authentication 
strength level between a sender and a receiver; and 
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(b) dynamically modifying said authentication strength level based upon said 



identified change. 



15. The riethod of claim 14, wherein step (a) comprises identifying a change in 



processor load. 



authentication error 



alarm. 



security policy. 



16. The riethod of claim 14, wherein step (a) comprises identifying a change in 
evel. 



17. The r lethod of claim 14, wherein step (a) comprises receiving a network defense 



18. The method of claim 14, wherein step (a) comprises identifying a change in 



19. A method for authenticating information to be exchanged between a sender and a 
receiver, comprising: 

(a) select ng a first authentication mechanism from among a plurality of 
authentication mectenisms that collectively define at least two different authentication strength 
and performance trac eoffs; and 
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(b) dynamically switching from said first authentication mechanism to a second 
authentication mechanism in said plurality of authentication mechanisms in response to a change 
in a monitored condition. 

20. The method of claim 19, wherein step (b) comprises switching to said second 
authentication mechani >m upon a change in processor load. 

21 . The met lod of claim 19, wherein step (b) comprises switching to said second 



authentication mechani 



upon a change in authentication error level. 



22. The method of claim 19, wherein step (b) comprises switching to said second 
authentication mechanism upon receipt of a network defense alarm. 



23. The method lof claim 19, wherein step (b) comprises switching to said second 
authentication mechanism upon a change in security policy. 
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